Go를 사용하여 TCP 연결을 위한 SSL 인증서 구성
컬렉션을 사용해 정리하기
내 환경설정을 기준으로 콘텐츠를 저장하고 분류하세요.
Go의 database/sql 패키지를 사용하여 PostgreSQL용 Cloud SQL에 대한 TCP 연결에 사용되는 SSL(보안 소켓 레이어) 인증서를 구성합니다.
코드 샘플
Go
PostgreSQL용 Cloud SQL에 인증하려면 애플리케이션 기본 사용자 인증 정보를 설정합니다.
자세한 내용은 로컬 개발 환경의 인증 설정을 참조하세요.
달리 명시되지 않는 한 이 페이지의 콘텐츠에는 Creative Commons Attribution 4.0 라이선스에 따라 라이선스가 부여되며, 코드 샘플에는 Apache 2.0 라이선스에 따라 라이선스가 부여됩니다. 자세한 내용은 Google Developers 사이트 정책을 참조하세요. 자바는 Oracle 및/또는 Oracle 계열사의 등록 상표입니다.
[[["이해하기 쉬움","easyToUnderstand","thumb-up"],["문제가 해결됨","solvedMyProblem","thumb-up"],["기타","otherUp","thumb-up"]],[["이해하기 어려움","hardToUnderstand","thumb-down"],["잘못된 정보 또는 샘플 코드","incorrectInformationOrSampleCode","thumb-down"],["필요한 정보/샘플이 없음","missingTheInformationSamplesINeed","thumb-down"],["번역 문제","translationIssue","thumb-down"],["기타","otherDown","thumb-down"]],[],[],[],null,["# Configure SSL certificates for TCP connection by using Go\n\nConfigure SSL (Secure Sockets Layer) certificates for a TCP connection to Cloud SQL for PostgreSQL by using Go's database/sql package.\n\nCode sample\n-----------\n\n### Go\n\n\nTo authenticate to Cloud SQL for PostgreSQL, set up Application Default Credentials.\nFor more information, see\n\n[Set up authentication for a local development environment](/docs/authentication/set-up-adc-local-dev-environment).\n\n package cloudsql\n\n import (\n \t\"database/sql\"\n \t\"fmt\"\n \t\"log\"\n \t\"os\"\n\n \t// Note: If connecting using the App Engine Flex Go runtime, use\n \t// \"github.com/jackc/pgx/stdlib\" instead, since v5 requires\n \t// Go modules which are not supported by App Engine Flex.\n \t_ \"github.com/jackc/pgx/v5/stdlib\"\n )\n\n // connectTCPSocket initializes a TCP connection pool for a Cloud SQL\n // instance of Postgres.\n func connectTCPSocket() (*sql.DB, error) {\n \tmustGetenv := func(k string) string {\n \t\tv := os.Getenv(k)\n \t\tif v == \"\" {\n \t\t\tlog.Fatalf(\"Fatal Error in connect_tcp.go: %s environment variable not set.\", k)\n \t\t}\n \t\treturn v\n \t}\n \t// Note: Saving credentials in environment variables is convenient, but not\n \t// secure - consider a more secure solution such as\n \t// Cloud Secret Manager (https://cloud.google.com/secret-manager) to help\n \t// keep secrets safe.\n \tvar (\n \t\tdbUser = mustGetenv(\"DB_USER\") // e.g. 'my-db-user'\n \t\tdbPwd = mustGetenv(\"DB_PASS\") // e.g. 'my-db-password'\n \t\tdbTCPHost = mustGetenv(\"INSTANCE_HOST\") // e.g. '127.0.0.1' ('172.17.0.1' if deployed to GAE Flex)\n \t\tdbPort = mustGetenv(\"DB_PORT\") // e.g. '5432'\n \t\tdbName = mustGetenv(\"DB_NAME\") // e.g. 'my-database'\n \t)\n\n \tdbURI := fmt.Sprintf(\"host=%s user=%s password=%s port=%s database=%s\",\n \t\tdbTCPHost, dbUser, dbPwd, dbPort, dbName)\n\n \t// (OPTIONAL) Configure SSL certificates\n \t// For deployments that connect directly to a Cloud SQL instance without\n \t// using the Cloud SQL Proxy, configuring SSL certificates will ensure the\n \t// connection is encrypted.\n \tif dbRootCert, ok := os.LookupEnv(\"DB_ROOT_CERT\"); ok { // e.g., '/path/to/my/server-ca.pem'\n \t\tvar (\n \t\t\tdbCert = mustGetenv(\"DB_CERT\") // e.g. '/path/to/my/client-cert.pem'\n \t\t\tdbKey = mustGetenv(\"DB_KEY\") // e.g. '/path/to/my/client-key.pem'\n \t\t)\n \t\tdbURI += fmt.Sprintf(\" sslmode=require sslrootcert=%s sslcert=%s sslkey=%s\",\n \t\t\tdbRootCert, dbCert, dbKey)\n \t}\n\n \t// dbPool is the pool of database connections.\n \tdbPool, err := sql.Open(\"pgx\", dbURI)\n \tif err != nil {\n \t\treturn nil, fmt.Errorf(\"sql.Open: %w\", err)\n \t}\n\n \t// ...\n\n \treturn dbPool, nil\n }\n\nWhat's next\n-----------\n\n\nTo search and filter code samples for other Google Cloud products, see the\n[Google Cloud sample browser](/docs/samples?product=cloud_sql_postgres)."]]
